Facebook, Washington AG file suits over ‘likejacking’ scheme

Facebook and Washington state Attorney General Rob McKenna today filed lawsuits against Adscend Media, an ad network that allegedly is engaged in a deceptive practice which has come to be known as “likejacking.”

“We don’t ‘like’ schemes that illegally trick Facebook users into giving up personal information or paying for unwanted subscription services through spam,” McKenna said in a release. “We applaud Facebook for devoting significant technical and legal resources to finding and stopping scams as soon as possible – and often before they even start. We’re proud to join forces in order to protect Washington consumers.”

Facebook General Counsel Ted Ullyot — who made the announcement of its lawsuit today at the company’s Seattle engineering office — added:

“Security is an arms race, and that’s why Facebook is committed to constantly improving our consumer safeguards while pursuing and supporting civil and criminal consequences for bad actors,” Ullyot said.

Here’s how Facebook and McKenna said the scheme works:

Scammers design Facebook Pages to look like they will offer visitors an opportunity to view salacious or provocative content. They condition viewing this content on completing a series of steps that are designed to lure Facebook users into eventually visiting websites that often deceive them into surrendering their personal information or signing up for expensive mobile subscription services.

First, Facebook users are encouraged to click the “Like” button on the scammers’ Facebook Pages, which then alerts their friends to the existence of the page. Then they are told that they cannot access the content unless they complete an online survey or advertising offer. In one example noted in the complaint, the scammers overlay the Facebook “Like” button with a link that promises to reveal the results of: “This man took a picture of his face every day for 8 years!!” Of course, the promised content often does not exist and the tricked user is then directed through a series of prompts taking them off of Facebook and through a host of unrelated advertising and subscription service offers, where the scammers receive money for each misdirected user.

In some cases, Facebook users don’t even need to click the “like” button to spread the spam on their Facebook pages. In the process called “clickjacking,” a hidden code in enticing-looking links activates Facebook’s “like” function and puts it on the users’ friends’ news feeds.

The scheme allegedly was driving up to $1.2 million per month for Delaware-based Adscend. The suit targets Adscend co-owners Jeremy Bash of Huntington, West Virginia and Fehzan Ali, of Austin, Texas.

They are accused of violating the CAN-SPAM Act; Washington state’s Commercial Electronic Mail Act; and Washington State’s Consumer Protection Act. The suits ask the court to enjoin the defendants from engaging in future violations.

Follow-up: Here are remarks made by McKenna at this morning’s news conference:

Here’s a look at how the alleged scheme appears:

John Cook is GeekWire's co-founder and editor, a veteran reporter and the longest-serving journalist on the Pacific Northwest tech startup beat. Follow him @johnhcook and email john@geekwire.com.

Related Stories

Comments

Thank you to AG McKenna for taking on these scammers! I’ve literally lost count of the number of times I’ve had to castigate one of my “friends” for having clicked on one of these spurious Like buttons. Down with likejacking.